Article 52, Cross-border infrastructure for secondary use of electronic health data (HealthData@EU), Articles of the European Health Data Space (EHDS), (Proposal_3.5.2022)
1. Each Member State shall designate a national contact point for secondary use of electronic health data, responsible for making electronic health data available for secondary use in a cross-border context and shall communicate their names and contact details to the Commission. The national contact point may be the coordinator health data access body pursuant to Article 36. The Commission and the Member States shall make this information publicly available.
2. The national contact points referred to in paragraph 1 shall be authorised participants in the cross-border infrastructure for secondary use of electronic health data (HealthData@EU). The national contact points shall facilitate the cross-border access to electronic health data for secondary use for different authorised participants in the infrastructure and shall cooperate closely with each other and with the Commission.
3. Union institutions, bodies, offices and agencies involved in research, health policy or analysis, shall be authorised participants of HealthData@EU.
4. Health-related research infrastructures or similar structures whose functioning is based on Union law and which support the use of electronic health data for research, policy making, statistical, patient safety or regulatory purposes shall be authorised participants of HealthData@EU.
5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions.
The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.
6. Each authorised participant shall acquire the required technical capability to connect to and participate in HealthData@EU. Each participant shall comply with the requirements and technical specifications needed to operate the cross-border infrastructure and to allow the authorised participants to connect to each other within it.
7. The Commission is empowered to adopt delegated acts in accordance with Article 67 in order to amend this Article to add or remove categories of authorised participants in HealthData@EU, taking into account the opinion of the joint controllership group pursuant to Article 66 of this Regulation.
8. The Member States and the Commission shall set up HealthData@EU to support and facilitate the cross-border access to electronic health data for secondary use, connecting the national contact points for secondary use of electronic health data of all Member States and authorised participants in that infrastructure.
9. The Commission shall develop, deploy and operate a core platform for HealthData@EU by providing information technology services needed to facilitate the connection between health data access bodies as part of the cross-border infrastructure for the secondary use of electronic health data. The Commission shall only process electronic health data on behalf of the joint controllers as a processor.
10. Where requested by two or more health data access bodies, the Commission may provide a secure processing environment for data from more than one Member State compliant with the requirements of Article 50. Where two or more health data access bodies put electronic health data in the secure processing environment managed by the Commission, they shall be joint controllers and the Commission shall be processor.
11. The authorised participants shall act as joint controllers of the processing operations in which they are involved carried out in HealthData@EU and the Commission shall act as a processor.
12. Member States and the Commission shall seek to ensure interoperability of HealthData@EU with other relevant common European data spaces as referred to in Regulations […] [Data Governance Act COM/2020/767 final] and […] [Data Act COM/2022/68 final].
13. The Commission may, by means of implementing acts, set out:
(a) requirements, technical specifications, the IT architecture of HealthData@EU, conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU;
(b) the minimum criteria that need to be met by the authorised participants in the infrastructure;
(c) the responsibilities of the joint controllers and processor(s) participating in the cross-border infrastructures;
(d) the responsibilities of the joint controllers and processor(s) for the secure environment managed by the Commission;
(e) common specifications for the interoperability and architecture concerning HealthData@EU with other common European data spaces.
Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
14. The approval for individual authorised participant to join HealthData@EU or to disconnect a participant from the infrastructure shall be issued by the Joint Controllership group, based on the results of the compliance checks.